SP-010: Identity Management Pattern
The function of identity management is to provide the identity data (identifiers and attributes) that business applications need for authentication and authorization. The term access control is today being extended to “usage control”, particularly in those scenarios where data is also protected outside the business application by means of DRM technology, so that decisions bound to an identity must hold after the data has left the application's own boundary.
Business partners and private customers have different authentication needs. Mostly they differ because the transaction volume of a business partner tends to be much larger and hence the risk is higher. Higher risk calls for stronger security, and so the level of confidence required of an authentication assertion (its level of assurance) increases with the value of what that assertion unlocks.
The oldest enterprise challenge when it comes to managing identities across all business applications is the synchronisation of identity data between distributed systems. In the age of “business process outsourcing”, however, we are faced with systems that are distributed across network and trust boundaries, and hence synchronisation can present an even larger challenge. A better approach is promised by identity federation, but this requires a trust model that spans organisations, so that the relying party is able to accept identity assertions made by a partner's systems: it must be able to verify who issued an assertion, that it was issued for this relying party, and that it is still valid. Furthermore, federation requires a unification or a translation of identity attributes at the federation boundary, since the partner's attribute names, values and subject identifiers will not match the local ones. Standards for federation are slowly emerging, and vendors are gradually making their products compatible.
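The following is an added example, not code from the pattern itself, of what a relying party has to do with a partner's identity assertion before it can trust it. The assertion format (a base64url JSON payload plus an HMAC-SHA256 signature under a key shared with the partner), the trust registry, the issuer URLs, the attribute names and the value mappings are all constructed for illustration; a real federation would use SAML or OpenID Connect assertions with X.509-based signatures, but the checks are the same: trusted issuer, valid signature, correct audience, validity window, and translation of the partner's attributes into the local schema with nothing unmapped passed through.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed trust registry of the relying party: which partner issuers are
# accepted, the key each one signs with, and how its attribute names/values
# map onto the local schema. A real deployment would hold signing certificates
# and federation metadata here; the shared HMAC key is an illustrative stand-in.
TRUSTED_ISSUERS = {
    "https://idp.partner-a.example": {
        "key": b"partner-a-shared-secret",
        "attr_map": {"employeeRole": "role", "mail": "email"},
        "value_map": {"role": {"purchaser": "buyer", "approver": "approver"}},
    },
}
OUR_AUDIENCE = "https://orders.our-company.example"   # assumed identifier of this relying party
CLOCK_SKEW_SECONDS = 60


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_assertion(issuer, key, subject, audience, attrs, lifetime=300, now=None):
    """Partner (identity provider) side: sign a compact 'payload.signature' assertion."""
    now = time.time() if now is None else now
    payload = {"iss": issuer, "sub": subject, "aud": audience,
               "iat": int(now), "exp": int(now) + lifetime, "attrs": attrs}
    body = b64url_encode(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(sig)}"


class AssertionRejected(Exception):
    pass


def accept_assertion(token, now=None):
    """Relying-party side: verify trust, signature, audience and validity window,
    then translate the partner's attributes into the local identity schema."""
    now = time.time() if now is None else now
    try:
        body, sig_b64 = token.split(".")
        payload = json.loads(b64url_decode(body))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise AssertionRejected("malformed assertion")
    if not isinstance(payload, dict):
        raise AssertionRejected("malformed assertion")

    # 1. Trust model: only issuers in the registry may assert identities to us.
    trust = TRUSTED_ISSUERS.get(payload.get("iss"))
    if trust is None:
        raise AssertionRejected(f"untrusted issuer {payload.get('iss')!r}")

    # 2. Integrity: the signature must verify under that issuer's key
    #    (constant-time comparison, so a forged tag cannot be guessed byte by byte).
    expected = hmac.new(trust["key"], body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise AssertionRejected("bad signature")

    # 3. Audience and validity window: an assertion meant for another relying
    #    party, or one outside its lifetime (allowing a little clock skew), is refused.
    if payload.get("aud") != OUR_AUDIENCE:
        raise AssertionRejected("wrong audience")
    iat, exp = payload.get("iat"), payload.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        raise AssertionRejected("missing validity window")
    if not (iat - CLOCK_SKEW_SECONDS <= now < exp + CLOCK_SKEW_SECONDS):
        raise AssertionRejected("assertion outside its validity window")

    # 4. Attribute translation at the federation boundary: namespace the subject
    #    by issuer so two partners' "alice" never collide, rename known attributes,
    #    map partner-specific values, and drop anything unmapped rather than
    #    passing unknown claims through to local authorization.
    attrs = payload.get("attrs") or {}
    if not isinstance(attrs, dict):
        raise AssertionRejected("malformed attributes")
    local = {"subject": f"{payload['iss']}#{payload.get('sub')}"}
    for partner_name, value in attrs.items():
        local_name = trust["attr_map"].get(partner_name)
        if local_name is None:
            continue
        vmap = trust["value_map"].get(local_name)
        if vmap is not None:
            if value not in vmap:
                raise AssertionRejected(f"unmapped value {value!r} for {local_name}")
            value = vmap[value]
        local[local_name] = value
    return local
```

The order of the checks matters: the issuer is looked up first so the signature is verified against that issuer's key and nothing else, and attributes are only read after integrity and validity are established. Dropping unmapped attributes (and rejecting unmapped values) is the boundary unification the pattern calls for; passing a partner's raw attributes into local authorization decisions would let the partner's schema drive our access control.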
Another big challenge in outsourced scenarios is the control of service level agreements (SLAs) regarding the timely provisioning and, above all, de-provisioning of identities: an account that outlives the employment or contract it was created for is access that nobody is accountable for, and the outsourcer's own reports are not sufficient evidence that it has been removed. Leakage of identity information is also a critical risk in every corporation.
Applies to: companies where private customer or confidential business identity information is stored and processed.
Does not apply to: you do not process critical data, and do not store or process private or confidential identity information.
Resistance against threats: TBD (to be added: Industry sector | Threat | Infrastructure area).
Release Date: 2008-Sep-29, Minor revision 2009-Sep-29
Reviewers: Russell, Phaedrus